Sign commits with GPG key

klatka · 16 November 2023 13:49

Hello,

I am facing an issue with GitHub's Vigilant mode which displays my commits via Node-RED as unverified due to their lack of signature. As a feature request, I would like to suggest the possibility of adding GPG keys similar to SSH keys, and if a key is provided, all commits should be automatically signed. To achieve this on my development machine for my other repos, I use the following shell commands:

git config --global --unset gpg.format
git config --global user.signingkey <keyid>
git config --global commit.gpgsign true

Thank you.

TotallyInformation · 16 November 2023 16:41

Surely, if you run that in the project's folder, you will get what you want?

klatka · 17 November 2023 12:09

I have no access to shell on the machine running node-red

TotallyInformation · 17 November 2023 13:49

Actually, you do - unless whoever is managing Node-RED has blocked the exec command.

klatka · 6 December 2023 08:52

/bin/bash: line 1: gpg: command not found

Node-RED is running as a docker container, I cannot change the image or something else.

TotallyInformation · 6 December 2023 11:45

You would almost certainly need to know the full path since you probably won't have any of the expected path environment variables set inside the container.

On my Linux system, for example, the git command is actually /usr/bin/git so try an exec with that.

system · 4 February 2024 11:45

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
0.18.4 Projects need "git" and "ssh-keygen", OK. how? General	6	1974	18 March 2019
Best way to handle ssh keys for node red? General security , docker	0	27	4 December 2024
Signed node-red docker images? General	4	313	16 November 2021
Node-RED projects not recognizing git command General	3	424	29 August 2021
Projects problem with git credentials General	4	570	24 October 2021

Sign commits with GPG key

Related topics